A report from the Rand Corp. recommends the creation of an independent organization to determine the parties responsible in conducting specific cyberattacks, saying the system could boost credibility and help usher in a standardized process for naming and reporting on such attacks. “We are dealing with a complex topic and many executives don’t necessarily know cybersecurity, may not understand the technical details associated with IT, so there is a need to simplify this process of understanding what was involved in identifying and calling out an identified perpetrator,” said John Davis, senior information scientist at Rand, a think tank. The report was sponsored by Microsoft Corp.

Whether it’s a government intelligence agency or a private firm that is now conducting these attribution efforts to identify attackers, neither side uses a standard way of specifying how they identified an adversary or the confidence metrics they use to show how comfortable they are with their conclusions, said Mr. Davis. An independent body that uses the same metrics in each case could help provide more clarity and understanding as to why the group feels confident in one case and less confident in another. Organizations also use a wide range of ways to identify attacks and all of this can be confusing to executives and board members who need quickly to get a handle on these attacks, he said. “If you don’t have expertise and you are having to deal with all these [names], that just adds to the level of confusion,” said Mr. Davis.

Reports from an independent organization that come free of political influence and bias concerns could prove useful beyond helping to identify specific attackers, as organizations dealing with their own cybersecurity issues could look to the group’s reports as a tool to help them assess their own cyber risks, he said. As reports are determined, “part of the value is they may be used to help organizations make decisions about how to bolster their own defenses,” said Mr. Davis. “They can kind of play an information-sharing role in identifying an attacker, but in addition a company may say, ‘We weren’t caught up but we might want to watch out for this.’ If this organization can do this in a transparent way, if it can establish a credible track record, it can be valuable.”

Readers can subscribe to The Morning Risk Report here: http://on.wsj.com/MorningRiskReportSignup. Follow us on Twitter at @WSJRisk.

EXCLUSIVE ON RISK AND COMPLIANCE JOURNAL

Former Marsh executive named CEO of iJET International . Benjamin Allen was named chief executive of iJET International Inc., a risk consulting firm backed by private-equity shop LLR Partners, the company told The Wall Street Journal. The change comes as the firm looks to capitalize on the growing demand for risk services. Mr. Allen takes over from co-founder and previous CEO Bruce McIndoe, who now serves as president. Mr. Allen was previously president of Marsh & McLennan Agency LLC, a subsidiary of insurance broker Marsh Inc. that serves midmarket companies.

COMPLIANCE

AG squashes third-party donations in settlements . Attorney General Jeff Sessions has ordered prosecutors to stop settling corporate wrongdoing cases by requiring companies to make donations to third-party groups, a feature of some Obama-era bank settlements that congressional Republicans opposed. In a brief, one-page memo dated Monday and released on Wednesday, WSJ reports Mr. Sessions told Justice Department officials they could no longer include any provision in a civil or criminal settlement “that directs or provides for a payment or loan to any non-governmental person or entity that is not a party to the dispute.”

Former Brazil minister arrested . Henrique Eduardo Alves, a former tourism minister in Brazil, was arrested Tuesday as part of a corruption investigation involving the construction of a soccer stadium for the 2014 World Cup, Reuters reports. Mr. Alves is a close friend to embattled Brazil President Michel Temer, who is fighting attempts to be removed from office. Mr. Alves doesn’t appear to have commented.

Plan to merge regulators faces resistance . A proposal in President Donald Trump’s budget to eliminate a regulator and cut government spending is drawing criticism from an unexpected source: Washington’s business lobby. WSJ reports pro-business organizations are skeptical of the administration’s plan to merge the department’s body that oversees government contractors into the Equal Employment Opportunity Commission, an independent agency that enforces antidiscrimination laws among all employers. Labor Secretary Alexander Acosta is expected to outline the administration’s plans on Wednesday.

DATA SECURITY

Arrest of suspected leaker highlights information-access issues . The arrest of a U.S. government contractor on charges she leaked classified information related to the investigation into Russian election hacking is the latest reminder of the vulnerabilities that come from the use of contractors, Guardian reports. It’s difficult to know how many contractors have access to classified information but a 2016 government report said more than 428,000 people in 2015 had top-secret clearance.

Firm finds evidence of cyber campaign against Montenegro . Cybersecurity firm FireEye says it uncovered a cyberespionage campaign by a hacking group associated with the Russian government against government officials in Montenegro as that country was preparing to join the North Atlantic Treaty Organization, CyberScoop reports. FireEye said it couldn’t determine if the attacks were successful.

GOVERNANCE

GM shareholders support one share class in vote . General Motors Co. shareholders signaled continued patience with Chief Executive Mary Barra’s attempts to boost a languishing share price, rejecting hedge-fund manager David Einhorn’s proposal to split the company’s stock into two classes, WSJ reports. More than 90% of GM investors casting ballots at the company’s annual meeting Tuesday rejected a plan floated in March by Mr. Einhorn’s Greenlight Capital Inc. that aimed to shake up GM’s capital structure. Shareholders also overwhelmingly voted down Mr. Einhorn’s slate of three proposed diretctors, instead opting to re-elect 11 incumbent directors backed by the U.S. auto giant.

Rights issue fight costly to RBS. The Royal Bank of Scotland has spent more than 1 billion pounds fighting its own shareholders on a rights issue, Telegraph reports. The bank reached a settlement with about 9,000 shareholders and 18 institutional investors, avoiding a trial that was set to start this week.

REPUTATION

Retailer pulls product due to slavery concerns . British retailer Waitrose removed cans of corned beef from store shelves after a report linking the company’s meat supplier–Brazil-based JBS–to cattle farms being investigated for alleged worker slavery, Guardian reports. JBS said the farm in question was not on the government’s blacklist and that it already had stopped buying from that farm. Waitrose said the product would remain out of circulation while it investigates.

Uber harassment probe results in 20 firings . Uber Technologies Inc. fired 20 employees after an investigation into sexual harassment in its workplace, the New York Times reports, citing a source who was at the meeting where the dismissals were announced.

RISK

Poor outlook drives down Macy’s share price . Macy’s Inc. met with investors on Tuesday to lay out its strategy. Instead, the department-store chain set off a new panic over the beleaguered retail sector. The company’s finance chief, Karen Hoguet, warned Macy’s gross margins would fall about 1% in its current quarter compared with a year ago and will decline slightly less than 1% for the full financial year. The remarks sent its shares tumbling 8.2% to $21.90, its lowest close in more than six years, and, in a sign of the sector’s fragility, dragged down other retailers as well, WSJ reports.

Chief executives optimistic on economy . A survey of chief executives by the Business Roundtable found CEOs are at their most optimistic levels about the U.S. economy in three years, despite the volatility presented by President Donald Trump, the L.A. Times reports. The CEOs continue to believe tax reform legislation will eventually pass Congress.

OPERATIONS

Health insurer leaves Obamacare market in Ohio . Anthem Inc. announced it would stop offering policies in Ohio, starting in 2018, the New York Times reports. The decision could leave more than 10,000 people without a way to buy insurance.

Qatar-flagged vessels barred from Dubai . Dubai’s DP World said it is banning all vessels carrying Qatar’s flag from calling at its home terminals in the United Arab Emirates, after the country severed diplomatic and some commercial ties with Doha, WSJ reports. DP World’s decision comes after the U.A.E., Saudi Arabia, Bahrain and Egypt broke diplomatic relations with Qatar Monday and said they would close off air, sea and land routes to the country after accusing Doha of backing terrorism and meddling in regional affairs.

STRATEGY

Amazon makes a run at Wal-Mart shoppers . Amazon.com Inc. is lowering its membership fee for low-income shoppers in an effort to go after a core group of consumers who shop at rival Wal-Mart Stores Inc. The new offering takes direct aim at Wal-Mart, which counts on shoppers who receive government assistance for a large percentage of sales. Wal-Mart generated about $13 billion in sales last year from shoppers using the Supplemental Nutrition Assistance Program, or SNAP, accounting for around 18% of the money spent through the program nationwide, WSJ reports.

Mashable announces departure of revenue chief . The chief revenue officer of digital media outlet Mashable, Ed Wise, is exiting the company “effective immediately,” according to an internal memo reviewed by The Wall Street Journal. A Mashable spokesman confirmed Mr. Wise’s exit but declined to comment on the reason. Mr. Wise joined Mashable in April 2016, which coincided with a major staff reorganization.

Email *Please fill in the required field. By clicking submit, I agree to the Privacy Policy and Cookie Policy and I understand I will receive marketing communications from Dow Jones professional information products from which I may unsubscribe using the links provided.

Thank you

Thank you for subscribing, your information has been submitted successfully.